Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread John Meyer 

On 4/27/2010 5:52 AM, Eoin wrote:

Hi,

This is probably a basic question - but what is the best option if you
have written an integration for a web-based application that is
installed on multiple sites?

The URL is going to change per installation (and won't be publicly
accessible), and I would really like to minimise the impact to the
application's administrators and users.

thanks,

Eoin



If the app stores twitter usernames/passwords in combo, one solution may 
be to use xAuth and run a batch job to convert.  Once you've converted 
over to tokens, ditch the passwords and you're done.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread John Meyer 

On 4/27/2010 4:32 AM, jaronbarends wrote:

@Dave

Thanks for your suggestion. I do indeed have a mysql, but haven't seen
the need to implement it in my app (http://twimply.com) since it
basicly only offers an alternative web interface for using twitter.

The only mentioned using a database as a possible solution: creating a
desktop app that let's my users allow permission through xAuth, Then I
would have to access the the same database from the web app, and re-
use those tokens. Another problem with that is that the tokens will be
bound to the desktop app, and not to the web app. So to make that
work, Twitter would have to make it possible to link the tokens of a
desktop app and a web app.

For me this is purely hypothetical, since I do not have the skills nor
the resources to create a desktop app.

jarón




First off all you really need is Visual Basic/Studio Express, and that's 
free.
Second, you may not be able to directly do that, but what you could do 
is have your desktop app use an API exposed from your web site, which 
would use one set of tokens that the users already uses from the web 
site directly. Catch the drift.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread M. Edward (Ed) Borasky 
On 04/27/2010 12:11 AM, Dave Sherohman wrote:
> On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote:
>> Yeh but John, who is going to install MySQL for a desktop client?
> 
> 1) John was responding to someone who said a database "wouldn't work for
> [him] since I do not have a desktop app, end I do not store anything in
> a database".  If he doesn't have a desktop app, then he's talking about
> a web app and, as John said, pretty much every web host out there gives
> you MySQL, no installation required.
> 
> 2) MySQL isn't the only RDBMS out there...  If I were writing a desktop
> app which needed to handle significant amounts of data, I'd use SQLite.
> The SQLite libraries in every language I'm aware of aren't just
> interfaces to the database, but rather contain the entire database
> engine, so there's no external application to install.  This is a well-
> proven approach, with Firefox probably being the biggest-name
> application using an embedded SQLite database engine to handle its data.
> 
> http://en.wikipedia.org/wiki/SQLite
> 
> 

Fortunately, SQLite is small enough that having dozens of applications,
each with its own embedded binary of SQLite, doesn't run you out of RAM. ;-)

-- 
M. Edward (Ed) Borasky
borasky-research.net/m-edward-ed-borasky

"A mathematician is a device for turning coffee into theorems." ~ Paul Erdős


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-27 Thread Dave Sherohman 
On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote:
> Yeh but John, who is going to install MySQL for a desktop client?

1) John was responding to someone who said a database "wouldn't work for
[him] since I do not have a desktop app, end I do not store anything in
a database".  If he doesn't have a desktop app, then he's talking about
a web app and, as John said, pretty much every web host out there gives
you MySQL, no installation required.

2) MySQL isn't the only RDBMS out there...  If I were writing a desktop
app which needed to handle significant amounts of data, I'd use SQLite.
The SQLite libraries in every language I'm aware of aren't just
interfaces to the database, but rather contain the entire database
engine, so there's no external application to install.  This is a well-
proven approach, with Firefox probably being the biggest-name
application using an embedded SQLite database engine to handle its data.

http://en.wikipedia.org/wiki/SQLite


-- 
Dave Sherohman


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Raffi Krikorian 
taylor mentioned to me (in passing) that he would be updating that page
ASAP.

On Mon, Apr 26, 2010 at 11:30 AM, Craig Hockenberry <
craig.hockenbe...@gmail.com> wrote:

> It's not in this documentation, which is the first thing I found:
>
> 
>
> -ch
>
> On Apr 25, 1:40 pm, Abraham Williams <4bra...@gmail.com> wrote:
> > It is specified on the XAuth documentation.
> >
> > On Sun, Apr 25, 2010 at 13:39, Craig Hockenberry <
> >
> >
> >
> >
> >
> > craig.hockenbe...@gmail.com> wrote:
> > > No, I didn't ask for access. I guess that's the bug: there's no place
> > > during the signup process that tells you that you need to go through a
> > > manual process to get xAuth access...
> >
> > > -ch
> >
> > > On Apr 25, 1:29 pm, Raffi Krikorian  wrote:
> > > > hi craig.
> >
> > > > have you gotten access to xAuth?  applications are not, by default,
> given
> > > > access to xAuth - if you e-mail a...@twitter.com with
> >
> > > >- your client token; and
> > > >- a description of your application
> >
> > > > then we can grant it access.
> >
> > > > On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry <
> >
> > > > craig.hockenbe...@gmail.com> wrote:
> > > > > Hi Raffi!
> >
> > > > > Is there a delay/verification after a new app is created? I just
> > > > > created a new app and am seeing problems getting the OAuth token
> with
> > > > > a xAuth HTTP request that looks like this:
> >
> > > > > xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
> > > > > REDACTED
> > > > > xAuth URL =https://api.twitter.com/oauth/access_token
> > > > > xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
> > > > > NSURLRequestReloadIgnoringCacheData
> > > > > xAuth HTTP headers = {
> > > > >"Content-Length" = 78;
> > > > >"Content-Type" = "application/x-www-form-urlencoded";
> > > > > }
> > > > > xAuth HTTP body =
> >
> > >
> x_auth_mode=client_auth&x_auth_username=REDACTED&x_auth_password=REDACTED
> >
> > > > > I get back a status code of 0 and a response of "Failed to validate
> > > > > oauth signature and token".
> >
> > > > > For an older application with different consumer information (key =
> > > > > 5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get
> back
> > > > > a code of 200 and an empty response.
> >
> > > > > If there is indeed a delay for this information to propagate, you
> need
> > > > > to let people know...
> >
> > > > > -ch
> >
> > > > > On Apr 24, 8:40 am, Raffi Krikorian  wrote:
> > > > > > hi all.
> >
> > > > > > you're going to be hearing a lot from me over the next 9 weeks.
>  our
> > > plan
> > > > > is
> > > > > > to turn off basic authorization on the API by june 30, 2010 --
> > > developers
> > > > > > will have to switch over to OAuth by that time.  between now and
> > > then,
> > > > > there
> > > > > > will be a *lot* of information coming along with tips on how to
> use
> > > OAuth
> > > > > > Echo, xAuth, etc.  we really want to make this transition as easy
> as
> > > we
> > > > > can
> > > > > > for everybody.
> >
> > > > > > as always, please feel free to reach out to this group, or to
> > > @twitterapi
> > > > > > directly.  if you need help remembering the date -
> > > > >http://bit.ly/twcountdown
> > > > > > .
> >
> > > > > > --
> > > > > > Raffi Krikorian
> > > > > > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > > > > > --
> > > > > > Subscription settings:
> > > > >
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
> >
> > > > --
> > > > Raffi Krikorian
> > > > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > --
> > Abraham Williams | Developer for hire |http://abrah.am
> > @abraham |http://projects.abrah.am|http://blog.abrah.am
> > This email is: [ ] shareable [x] ask first [ ] private.
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Raffi Krikorian 
i don't know very much about textpattern, however, might @anywhere be a
solution for this?

On Mon, Apr 26, 2010 at 11:08 AM, monkeyninja  wrote:

> Hi Raffi,
>
> Not sure if I am following this correctly or not, but basically I have
> been developing a plugin for Textpattern for a while that uses basic
> authorisation to update a Twitter feed based on the username/password
> set for the plugin. Does this change mean that the user would now be
> temporarily passed back to Twitter before they would be authorised? I
> am hoping this isn't the case as it would make the plugin somewhat
> useless to the people using it.
>
> On Apr 24, 4:40 pm, Raffi Krikorian  wrote:
> > hi all.
> >
> > you're going to be hearing a lot from me over the next 9 weeks.  our plan
> is
> > to turn off basic authorization on the API by june 30, 2010 -- developers
> > will have to switch over to OAuth by that time.  between now and then,
> there
> > will be a *lot* of information coming along with tips on how to use OAuth
> > Echo, xAuth, etc.  we really want to make this transition as easy as we
> can
> > for everybody.
> >
> > as always, please feel free to reach out to this group, or to @twitterapi
> > directly.  if you need help remembering the date -
> http://bit.ly/twcountdown
> > .
> >
> > --
> > Raffi Krikorian
> > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > --
> > Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread John Meyer 

On 4/26/2010 9:09 AM, Dean Collins wrote:









-Original Message-
From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of John
Meyer
Sent: Monday, April 26, 2010 10:48 AM
To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] Re: countdown to OAuth / basic auth removal /
OAuthcalypse

On 4/26/2010 8:43 AM, jaronbarends wrote:

@raffi thanks for your replies. I didn't mean to start a discussion
about Twitter's policy here (although I can imagine some people would
like to discuss it elsewhere). I'm mostly interested in finding a
solution.

@dean: I'm not sure I understand your suggestion about using oAuth for
both the desktop and the web app. Did you mean letting the users allow
access through the desktop app, then storing the username/token
combination in a central database and using that database for the web
app too? That wouldn't work for me since I do not have a desktop app,
end I do not store anything in a database...



no I think he meant that you can use the oAuth for EITHER the desktop or

the web.  You wouldn't even need to store the username; just the token
and the token_secret.  And the database can be anything from an actual
RDBMS to a text file stored on the server (although with the fact that
almost every web host that you pay for provides at least MySQL and the
fact that text files are notoriously insecure you should be thinking
about upgrading).




Yeh but John, who is going to install MySQL for a desktop client?

You're still thinking webapps instead of desktop (yes I realize I'm in
the minority here).




Um, not jaron since he said he didn't have a desktop app.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

RE: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Dean Collins 


 


 


-Original Message-
From: twitter-development-talk@googlegroups.com
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of John
Meyer
Sent: Monday, April 26, 2010 10:48 AM
To: twitter-development-talk@googlegroups.com
Subject: Re: [twitter-dev] Re: countdown to OAuth / basic auth removal /
OAuthcalypse

On 4/26/2010 8:43 AM, jaronbarends wrote:
> @raffi thanks for your replies. I didn't mean to start a discussion
> about Twitter's policy here (although I can imagine some people would
> like to discuss it elsewhere). I'm mostly interested in finding a
> solution.
>
> @dean: I'm not sure I understand your suggestion about using oAuth for
> both the desktop and the web app. Did you mean letting the users allow
> access through the desktop app, then storing the username/token
> combination in a central database and using that database for the web
> app too? That wouldn't work for me since I do not have a desktop app,
> end I do not store anything in a database...


no I think he meant that you can use the oAuth for EITHER the desktop or

the web.  You wouldn't even need to store the username; just the token 
and the token_secret.  And the database can be anything from an actual 
RDBMS to a text file stored on the server (although with the fact that 
almost every web host that you pay for provides at least MySQL and the 
fact that text files are notoriously insecure you should be thinking 
about upgrading).


 

Yeh but John, who is going to install MySQL for a desktop client?

You're still thinking webapps instead of desktop (yes I realize I'm in
the minority here).



Cheers,

Dean



-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread John Meyer 

On 4/26/2010 8:43 AM, jaronbarends wrote:

@raffi thanks for your replies. I didn't mean to start a discussion
about Twitter's policy here (although I can imagine some people would
like to discuss it elsewhere). I'm mostly interested in finding a
solution.

@dean: I'm not sure I understand your suggestion about using oAuth for
both the desktop and the web app. Did you mean letting the users allow
access through the desktop app, then storing the username/token
combination in a central database and using that database for the web
app too? That wouldn't work for me since I do not have a desktop app,
end I do not store anything in a database...



no I think he meant that you can use the oAuth for EITHER the desktop or 
the web.  You wouldn't even need to store the username; just the token 
and the token_secret.  And the database can be anything from an actual 
RDBMS to a text file stored on the server (although with the fact that 
almost every web host that you pay for provides at least MySQL and the 
fact that text files are notoriously insecure you should be thinking 
about upgrading).



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

RE: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Dean Collins 
One solution, which I know won't win the popularity prize, is
for
Twitter to relax its XAuth restrictions and allow web apps to
use full
OAuth and/or XAuth, depending on what works best for them.

In my case, I will still use full OAuth because it's so much
better
than dealing with Twitter credential issues. But, I will add a
small
link below the Twitter authorize button on my site that says
something
like, "Can't get to Twitter.com?" which then leads to a
username-
password entry form, and then triggers an XAuth authorization.

 

>unfortunately, this defeats the purpose of oauth :(

 

>http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap

 

-- 
>Raffi Krikorian
>Twitter Platform Team
>http://twitter.com/raffi

 

 

 

 

But for a desktop client it doesn't really matter now does it?

 

I'm still not buying it that oauth is going add any value for desktop
clients with regards to password security. Basically you are now storing
token in the desktop client instead of password.

 

Same difference if you are worried about the end users pc getting
hacked.

 

 

 

 

Cheers,

Dean

 

 



-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-26 Thread Raffi Krikorian 
>
> One solution, which I know won't win the popularity prize, is for
> Twitter to relax its XAuth restrictions and allow web apps to use full
> OAuth and/or XAuth, depending on what works best for them.
>
> In my case, I will still use full OAuth because it's so much better
> than dealing with Twitter credential issues. But, I will add a small
> link below the Twitter authorize button on my site that says something
> like, "Can't get to Twitter.com?" which then leads to a username-
> password entry form, and then triggers an XAuth authorization.


unfortunately, this defeats the purpose of oauth :(

http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap

-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Raffi Krikorian 
before this gets out of hand - i, personally, am very sensitive to these
issues.  i've been spending some brain power trying to come up with a
solution.  if people have suggestions, then please feel free to reach out to
me personally and off list.

On Sun, Apr 25, 2010 at 7:54 PM, Ron B  wrote:

> China's policy didn't just recently change, Twitter's did.  So it is
> Twitter telling us that we may not be able to support China and other
> firewall blocked countries any longer.  It is, after all, within
> Twitter's power to continue to support Basic Auth.  It is their
> conscious decision not to, despite the significant negative
> ramifications being brought to their attention.
>
> In an earlier comment from Twitter: " twitter.com is trying to drive
> people to understand and discover what's going on in the world."  No
> one in the world needs to "understand and discover what's going on"
> more than the people of these communist-block countries that otherwise
> see only what their governments allow them to see.  It is unfortunate
> that Twitter plans to turn their back on them.  Then again, what's a
> billion people here or there?...
>
> On Apr 25, 9:04 pm, Abraham Williams <4bra...@gmail.com> wrote:
> > It is not twitter telling you it is China.
> >
> > --
> > Little androids dreaming of Nexus Ones compiled this text.
> >
> > On Apr 25, 2010 6:53 PM, "Dewald Pretorius"  wrote:
> >
> > Raffi,
> >
> > We really need a resolution for this issue before Basic Auth is
> > deprecated.
> >
> > It sounds as if Twitter is telling developers of web apps that they
> > cannot provide service to Chinese users, and other users behind
> > firewalls that block access to twitter.com. But that can't be right,
> > can it?
> >
> > On Apr 25, 4:49 am, jaronbarends  wrote:> I
> moved my web based app from ba...
> > > This issue has discussed in this group before here:
> >
> > https://groups.google.com/group/twitter-development-talk/browse_threa...
> >
> >
> >
> > > Being a frontend developer, I may have misunderstood the outcome of
> > > that discussion (I certain...
> >
> > --
> > Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Abraham Williams 
It is not twitter telling you it is China.

--
Little androids dreaming of Nexus Ones compiled this text.

On Apr 25, 2010 6:53 PM, "Dewald Pretorius"  wrote:

Raffi,

We really need a resolution for this issue before Basic Auth is
deprecated.

It sounds as if Twitter is telling developers of web apps that they
cannot provide service to Chinese users, and other users behind
firewalls that block access to twitter.com. But that can't be right,
can it?


On Apr 25, 4:49 am, jaronbarends  wrote:
> I moved my web based app from ba...
> This issue has discussed in this group before here:
https://groups.google.com/group/twitter-development-talk/browse_threa...

>
> Being a frontend developer, I may have misunderstood the outcome of
> that discussion (I certain...


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Abraham Williams 
It is specified on the XAuth documentation.

On Sun, Apr 25, 2010 at 13:39, Craig Hockenberry <
craig.hockenbe...@gmail.com> wrote:

> No, I didn't ask for access. I guess that's the bug: there's no place
> during the signup process that tells you that you need to go through a
> manual process to get xAuth access...
>
> -ch
>
> On Apr 25, 1:29 pm, Raffi Krikorian  wrote:
> > hi craig.
> >
> > have you gotten access to xAuth?  applications are not, by default, given
> > access to xAuth - if you e-mail a...@twitter.com with
> >
> >- your client token; and
> >- a description of your application
> >
> > then we can grant it access.
> >
> > On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry <
> >
> >
> >
> >
> >
> > craig.hockenbe...@gmail.com> wrote:
> > > Hi Raffi!
> >
> > > Is there a delay/verification after a new app is created? I just
> > > created a new app and am seeing problems getting the OAuth token with
> > > a xAuth HTTP request that looks like this:
> >
> > > xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
> > > REDACTED
> > > xAuth URL =https://api.twitter.com/oauth/access_token
> > > xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
> > > NSURLRequestReloadIgnoringCacheData
> > > xAuth HTTP headers = {
> > >"Content-Length" = 78;
> > >"Content-Type" = "application/x-www-form-urlencoded";
> > > }
> > > xAuth HTTP body =
> > >
> x_auth_mode=client_auth&x_auth_username=REDACTED&x_auth_password=REDACTED
> >
> > > I get back a status code of 0 and a response of "Failed to validate
> > > oauth signature and token".
> >
> > > For an older application with different consumer information (key =
> > > 5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
> > > a code of 200 and an empty response.
> >
> > > If there is indeed a delay for this information to propagate, you need
> > > to let people know...
> >
> > > -ch
> >
> > > On Apr 24, 8:40 am, Raffi Krikorian  wrote:
> > > > hi all.
> >
> > > > you're going to be hearing a lot from me over the next 9 weeks.  our
> plan
> > > is
> > > > to turn off basic authorization on the API by june 30, 2010 --
> developers
> > > > will have to switch over to OAuth by that time.  between now and
> then,
> > > there
> > > > will be a *lot* of information coming along with tips on how to use
> OAuth
> > > > Echo, xAuth, etc.  we really want to make this transition as easy as
> we
> > > can
> > > > for everybody.
> >
> > > > as always, please feel free to reach out to this group, or to
> @twitterapi
> > > > directly.  if you need help remembering the date -
> > >http://bit.ly/twcountdown
> > > > .
> >
> > > > --
> > > > Raffi Krikorian
> > > > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > > > --
> > > > Subscription settings:
> > >http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
> >
> > --
> > Raffi Krikorian
> > Twitter Platform Teamhttp://twitter.com/raffi
>



-- 
Abraham Williams | Developer for hire | http://abrah.am
@abraham | http://projects.abrah.am | http://blog.abrah.am
This email is: [ ] shareable [x] ask first [ ] private.

RE: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Dean Collins 
Jaron,

Why not use oAuth on a desktop client as well as the web client?

This way your Chinese users can still use the app? We are thinking of enabling 
oauth for MyPostButler in the same format but haven't decided if it's worth the 
effort until we get the all clear from twitter they wont kill the application 
once we move to oauth..



 

Cheers,

Dean

 


-Original Message-
From: twitter-development-talk@googlegroups.com 
[mailto:twitter-development-t...@googlegroups.com] On Behalf Of jaronbarends
Sent: Sunday, April 25, 2010 3:50 AM
To: Twitter Development Talk
Subject: [twitter-dev] Re: countdown to OAuth / basic auth removal / 
OAuthcalypse

I moved my web based app from basic auth to oAuth just last week. I
subsequently got several pleas from Chinese users to put the old
version back up, as they could no longer use my app, since access to
Twitter.com is blocked in China.

This issue has discussed in this group before here:
https://groups.google.com/group/twitter-development-talk/browse_thread/thread/39b8b326d8b679c6

Being a frontend developer, I may have misunderstood the outcome of
that discussion (I certainly hope so). But from Raffi's last comment
there ("understood, but, right now, not in the plan.  web apps will
have to use the standard oauth workflow.") I understand that web app
users in countries like China where twitter is blocked will simply no
longer be able to use Twitter via the web.

Have I understood this correctly? If not, how can I make sure users in
blocked countries can still use my web app? If my users can no longer
use my app, what do you suggest I recommend them?

Jaron

On Apr 24, 5:40 pm, Raffi Krikorian  wrote:
> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks.  our plan is
> to turn off basic authorization on the API by june 30, 2010 -- developers
> will have to switch over to OAuth by that time.  between now and then, there
> will be a *lot* of information coming along with tips on how to use OAuth
> Echo, xAuth, etc.  we really want to make this transition as easy as we can
> for everybody.
>
> as always, please feel free to reach out to this group, or to @twitterapi
> directly.  if you need help remembering the date -http://bit.ly/twcountdown
> .
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi
>
> --
> Subscription 
> settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Raffi Krikorian 
hi craig.

have you gotten access to xAuth?  applications are not, by default, given
access to xAuth - if you e-mail a...@twitter.com with

   - your client token; and
   - a description of your application

then we can grant it access.

On Sun, Apr 25, 2010 at 1:22 PM, Craig Hockenberry <
craig.hockenbe...@gmail.com> wrote:

> Hi Raffi!
>
> Is there a delay/verification after a new app is created? I just
> created a new app and am seeing problems getting the OAuth token with
> a xAuth HTTP request that looks like this:
>
> xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
> REDACTED
> xAuth URL = https://api.twitter.com/oauth/access_token
> xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
> NSURLRequestReloadIgnoringCacheData
> xAuth HTTP headers = {
>"Content-Length" = 78;
>"Content-Type" = "application/x-www-form-urlencoded";
> }
> xAuth HTTP body =
> x_auth_mode=client_auth&x_auth_username=REDACTED&x_auth_password=REDACTED
>
> I get back a status code of 0 and a response of "Failed to validate
> oauth signature and token".
>
> For an older application with different consumer information (key =
> 5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
> a code of 200 and an empty response.
>
> If there is indeed a delay for this information to propagate, you need
> to let people know...
>
> -ch
>
>
>
> On Apr 24, 8:40 am, Raffi Krikorian  wrote:
> > hi all.
> >
> > you're going to be hearing a lot from me over the next 9 weeks.  our plan
> is
> > to turn off basic authorization on the API by june 30, 2010 -- developers
> > will have to switch over to OAuth by that time.  between now and then,
> there
> > will be a *lot* of information coming along with tips on how to use OAuth
> > Echo, xAuth, etc.  we really want to make this transition as easy as we
> can
> > for everybody.
> >
> > as always, please feel free to reach out to this group, or to @twitterapi
> > directly.  if you need help remembering the date -
> http://bit.ly/twcountdown
> > .
> >
> > --
> > Raffi Krikorian
> > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > --
> > Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Marco Kaiser 
Did you whitelist your app for xAuth?

On Apr 25, 2010 1:22 PM, "Craig Hockenberry" 
wrote:

Hi Raffi!

Is there a delay/verification after a new app is created? I just
created a new app and am seeing problems getting the OAuth token with
a xAuth HTTP request that looks like this:

xAuth consumer key = N3fq77IdBT4qfglbcb4njg, consumer secret =
REDACTED
xAuth URL = https://api.twitter.com/oauth/access_token
xAuth HTTP method = POST, shouldHandleCookies = NO, cachePolicy =
NSURLRequestReloadIgnoringCacheData
xAuth HTTP headers = {
   "Content-Length" = 78;
   "Content-Type" = "application/x-www-form-urlencoded";
}
xAuth HTTP body =
x_auth_mode=client_auth&x_auth_username=REDACTED&x_auth_password=REDACTED

I get back a status code of 0 and a response of "Failed to validate
oauth signature and token".

For an older application with different consumer information (key =
5CAYV1DR5uwhVRJDBrepw) but the same username and password), I get back
a code of 200 and an empty response.

If there is indeed a delay for this information to propagate, you need
to let people know...

-ch




On Apr 24, 8:40 am, Raffi Krikorian  wrote:

> hi all.
>
> you're going to be hearing a lot from me over the next 9 weeks.  our plan
is
> to turn...

> Twitter Platform Teamhttp://twitter.com/raffi
>
> --
> Subscription settings:http://groups.google


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-25 Thread Raffi Krikorian 
not at all.  twitter.com is already setup completely for oauth echo.  at
this point, its just 3rd party providers, and end clients.  the @twitterapi
team is ready to help out any of those that need help.

On Sat, Apr 24, 2010 at 9:28 PM, Jaanus  wrote:

> Is there any kind of special involvement needed from you every time
> someone wants to do OAuth Echo? I thought I'll make my own server for
> my own app for some purpose. Judging by the spec you posted on your
> blog a while ago (http://mehack.com/oauth-echo-delegation-in-identity-
> verificatio), it does not look like some special Twitter involvement
> is needed, as long as I implement all that's needed in my app and
> server?
>
>
> J
>
>
> On Apr 24, 5:44 pm, Raffi Krikorian  wrote:
> > hi tom!
> >
> > i will be sending more info about it - we've been working with yfrog,
> > tweetphoto, and twitpic to get their services migrated - they are either
> > finished or are nearly there.  if there are others that you would like
> the
> > @twitterapi team involved with to help them get migrated over as well,
> then
> > feel free to drop me an e-mail asking me.
> >
> > On Sat, Apr 24, 2010 at 10:48 AM, Thomas Woolway  >wrote:
> >
> >
> >
> >
> >
> > > Hi Raffi,
> >
> > > Great that we've got a date for basic auth deprecation, but is there
> any
> > > news/timescales on OAuth Echo? We've got nine weeks and counting to get
> the
> > > spec, get the service providers to implement it, build it into clients
> and
> > > get our user-bases to upgrade if they want to be able to upload photos
> post
> > > June 30th. That's easier if you're web based, but not a huge amount of
> time
> > > if you are desktop or mobile based.
> >
> > > Thanks,
> >
> > > Tom
> >
> > > On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian  >wrote:
> >
> > >> there is a really good chance - now that oauth 2.0 has been submitted
> as a
> > >> drafthttp://tools.ietf.org/html/draft-hammer-oauth2-00, we are going
> to
> > >> spend some time catching up our oauth 2.0 implementation.  at that
> point,
> > >> we'll evaluate letting it loose.
> >
> > >> On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius  >wrote:
> >
> > >>> Raffi, that is super awesome. Thank you.
> >
> > >>> Any chance that you will have OAuth 2.0 in production before then?
> >
> > >>> On Apr 24, 12:40 pm, Raffi Krikorian  wrote:
> > >>> > hi all.
> >
> > >>> > you're going to be hearing a lot from me over the next 9 weeks.
>  our
> > >>> plan is
> > >>> > to turn off basic authorization on the API by june 30, 2010 --
> > >>> developers
> > >>> > will have to switch over to OAuth by that time.  between now and
> then,
> > >>> there
> > >>> > will be a *lot* of information coming along with tips on how to use
> > >>> OAuth
> > >>> > Echo, xAuth, etc.  we really want to make this transition as easy
> as we
> > >>> can
> > >>> > for everybody.
> >
> > >>> > as always, please feel free to reach out to this group, or to
> > >>> @twitterapi
> > >>> > directly.  if you need help remembering the date -
> > >>>http://bit.ly/twcountdown
> > >>> > .
> >
> > >>> > --
> > >>> > Raffi Krikorian
> > >>> > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > >>> > --
> > >>> > Subscription settings:
> > >>>
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
> >
> > >> --
> > >> Raffi Krikorian
> > >> Twitter Platform Team
> > >>http://twitter.com/raffi
> >
> > --
> > Raffi Krikorian
> > Twitter Platform Teamhttp://twitter.com/raffi
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Raffi Krikorian 
first three are taken care of, just let me know if you need help
coordinating with the others

On Sat, Apr 24, 2010 at 4:34 PM, John Meyer  wrote:

> On 4/24/2010 5:05 PM, Raffi Krikorian wrote:
>
>> if there any applications / service providers that you would like the
>> @twitterapi team to talk to - let me know.  or, have the application /
>> service provider come to us.
>>
>> i really want to make this transition as easy as possible.
>>
>
>
> I'll probably be contacting those services. Right now we have interfaces
> for:
> *TweetPhoto
> *TwitPic
> *yFrog
> *FileSocial
> *Twic.li
>
>
> After I get my butt in gear and get xAuth support I'll probably next work
> on encapsulating all of these services (currently TweetPhoto, TwitPic and
> FileSocial are part of the main class) so that changes can be more easily
> worked on.
>
>
>
> --
> Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread John Meyer 

On 4/24/2010 5:05 PM, Raffi Krikorian wrote:

if there any applications / service providers that you would like the
@twitterapi team to talk to - let me know.  or, have the application /
service provider come to us.

i really want to make this transition as easy as possible.



I'll probably be contacting those services. Right now we have interfaces 
for:

*TweetPhoto
*TwitPic
*yFrog
*FileSocial
*Twic.li


After I get my butt in gear and get xAuth support I'll probably next 
work on encapsulating all of these services (currently TweetPhoto, 
TwitPic and FileSocial are part of the main class) so that changes can 
be more easily worked on.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Raffi Krikorian 
if there any applications / service providers that you would like the
@twitterapi team to talk to - let me know.  or, have the application /
service provider come to us.

i really want to make this transition as easy as possible.

On Sat, Apr 24, 2010 at 3:57 PM, John Meyer  wrote:

> On 4/24/2010 3:44 PM, Raffi Krikorian wrote:
>
>> hi tom!
>>
>> i will be sending more info about it - we've been working with yfrog,
>> tweetphoto, and twitpic to get their services migrated - they are either
>> finished or are nearly there.  if there are others that you would like
>> the @twitterapi team involved with to help them get migrated over as
>> well, then feel free to drop me an e-mail asking me.
>>
>
>
> Speaking on behalf of TwitterVB we use a lot of these services in our dll,
> so if any of the api's change dramatically we'd really love to hear about
> those changes.
>
>
> --
> Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread John Meyer 

On 4/24/2010 3:44 PM, Raffi Krikorian wrote:

hi tom!

i will be sending more info about it - we've been working with yfrog,
tweetphoto, and twitpic to get their services migrated - they are either
finished or are nearly there.  if there are others that you would like
the @twitterapi team involved with to help them get migrated over as
well, then feel free to drop me an e-mail asking me.



Speaking on behalf of TwitterVB we use a lot of these services in our 
dll, so if any of the api's change dramatically we'd really love to hear 
about those changes.



--
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Raffi Krikorian 
hi tom!

i will be sending more info about it - we've been working with yfrog,
tweetphoto, and twitpic to get their services migrated - they are either
finished or are nearly there.  if there are others that you would like the
@twitterapi team involved with to help them get migrated over as well, then
feel free to drop me an e-mail asking me.

On Sat, Apr 24, 2010 at 10:48 AM, Thomas Woolway wrote:

> Hi Raffi,
>
> Great that we've got a date for basic auth deprecation, but is there any
> news/timescales on OAuth Echo? We've got nine weeks and counting to get the
> spec, get the service providers to implement it, build it into clients and
> get our user-bases to upgrade if they want to be able to upload photos post
> June 30th. That's easier if you're web based, but not a huge amount of time
> if you are desktop or mobile based.
>
> Thanks,
>
> Tom
>
>
> On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian wrote:
>
>> there is a really good chance - now that oauth 2.0 has been submitted as a
>> draft http://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to
>> spend some time catching up our oauth 2.0 implementation.  at that point,
>> we'll evaluate letting it loose.
>>
>>
>> On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius wrote:
>>
>>> Raffi, that is super awesome. Thank you.
>>>
>>> Any chance that you will have OAuth 2.0 in production before then?
>>>
>>> On Apr 24, 12:40 pm, Raffi Krikorian  wrote:
>>> > hi all.
>>> >
>>> > you're going to be hearing a lot from me over the next 9 weeks.  our
>>> plan is
>>> > to turn off basic authorization on the API by june 30, 2010 --
>>> developers
>>> > will have to switch over to OAuth by that time.  between now and then,
>>> there
>>> > will be a *lot* of information coming along with tips on how to use
>>> OAuth
>>> > Echo, xAuth, etc.  we really want to make this transition as easy as we
>>> can
>>> > for everybody.
>>> >
>>> > as always, please feel free to reach out to this group, or to
>>> @twitterapi
>>> > directly.  if you need help remembering the date -
>>> http://bit.ly/twcountdown
>>> > .
>>> >
>>> > --
>>> > Raffi Krikorian
>>> > Twitter Platform Teamhttp://twitter.com/raffi
>>> >
>>> > --
>>> > Subscription settings:
>>> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>>>
>>
>>
>>
>> --
>> Raffi Krikorian
>> Twitter Platform Team
>> http://twitter.com/raffi
>>
>
>


-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Thomas Woolway 
Hi Raffi,

Great that we've got a date for basic auth deprecation, but is there any
news/timescales on OAuth Echo? We've got nine weeks and counting to get the
spec, get the service providers to implement it, build it into clients and
get our user-bases to upgrade if they want to be able to upload photos post
June 30th. That's easier if you're web based, but not a huge amount of time
if you are desktop or mobile based.

Thanks,

Tom

On Sat, Apr 24, 2010 at 4:49 PM, Raffi Krikorian  wrote:

> there is a really good chance - now that oauth 2.0 has been submitted as a
> draft http://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to
> spend some time catching up our oauth 2.0 implementation.  at that point,
> we'll evaluate letting it loose.
>
>
> On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius wrote:
>
>> Raffi, that is super awesome. Thank you.
>>
>> Any chance that you will have OAuth 2.0 in production before then?
>>
>> On Apr 24, 12:40 pm, Raffi Krikorian  wrote:
>> > hi all.
>> >
>> > you're going to be hearing a lot from me over the next 9 weeks.  our
>> plan is
>> > to turn off basic authorization on the API by june 30, 2010 --
>> developers
>> > will have to switch over to OAuth by that time.  between now and then,
>> there
>> > will be a *lot* of information coming along with tips on how to use
>> OAuth
>> > Echo, xAuth, etc.  we really want to make this transition as easy as we
>> can
>> > for everybody.
>> >
>> > as always, please feel free to reach out to this group, or to
>> @twitterapi
>> > directly.  if you need help remembering the date -
>> http://bit.ly/twcountdown
>> > .
>> >
>> > --
>> > Raffi Krikorian
>> > Twitter Platform Teamhttp://twitter.com/raffi
>> >
>> > --
>> > Subscription settings:
>> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>>
>
>
>
> --
> Raffi Krikorian
> Twitter Platform Team
> http://twitter.com/raffi
>

Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse

2010-04-24 Thread Raffi Krikorian 
there is a really good chance - now that oauth 2.0 has been submitted as a
draft http://tools.ietf.org/html/draft-hammer-oauth2-00, we are going to
spend some time catching up our oauth 2.0 implementation.  at that point,
we'll evaluate letting it loose.

On Sat, Apr 24, 2010 at 8:44 AM, Dewald Pretorius  wrote:

> Raffi, that is super awesome. Thank you.
>
> Any chance that you will have OAuth 2.0 in production before then?
>
> On Apr 24, 12:40 pm, Raffi Krikorian  wrote:
> > hi all.
> >
> > you're going to be hearing a lot from me over the next 9 weeks.  our plan
> is
> > to turn off basic authorization on the API by june 30, 2010 -- developers
> > will have to switch over to OAuth by that time.  between now and then,
> there
> > will be a *lot* of information coming along with tips on how to use OAuth
> > Echo, xAuth, etc.  we really want to make this transition as easy as we
> can
> > for everybody.
> >
> > as always, please feel free to reach out to this group, or to @twitterapi
> > directly.  if you need help remembering the date -
> http://bit.ly/twcountdown
> > .
> >
> > --
> > Raffi Krikorian
> > Twitter Platform Teamhttp://twitter.com/raffi
> >
> > --
> > Subscription settings:
> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
>



-- 
Raffi Krikorian
Twitter Platform Team
http://twitter.com/raffi